Tag: cloud security

The Secret Sauce of User Provisioning

If you want the secret to user provisioning and de-provisioning in an enterprise setting, I’ll give you the one word answer, and then you can get on with the rest of your day… Integration. However, if you need to know why, how and with what…read on. The need to credential authorized users to your network and other proprietary assets is clear. You only want those with the proper rights in…and all others out. Complicating matters is that there are so many users these days…employees, channel

Avoiding the fate of Erasmus Wilson and others who ignore progress (cloud)

OR WHY THE CLOUD WILL SUPPLANT ON-PREMISE FOR SECURITY INITIATIVES Erasmus Wilson, the celebrated Oxford professor once proclaimed, “When the Paris Exhibition [of 1878] closes, electric light will close with it and no more will be heard of it.” History is littered with those who refused to embrace the obviousness of the future. Didn’t Digital founder Ken Olsen prognosticate “There is no reason anyone would want a computer in their home,” in 1977. (His company was broken up for parts after its acquisition by Compaq

Supporting CIO strategies and priorities from the cloud-Part 1

The biggest eye-opener in Gartner’s recently-published study on the current agenda regarding the digital landscape for Chief Information Officers is that CIO’s recognize that cloud computing will not only be a significant part of the future, but that their own roles and behavior need to be updated to survive in the modern enterprise. “CIOs will have to develop new IT strategies and plans that go beyond the usual day-to-day maintenance of an enterprise IT infrastructure…. technologies provide a platform to achieve results, but only if

Sailing the 7 C’s of security monitoring

What is it your mom used to say? “A watched pot never boils.” This might be true, but a watched pot also never spills; it never allows your younger sister to stick her hand in the hot water; prevents Uncle Jack from tasting before dinner is ready; and if something unforeseen happens, there is time to mitigate the problems. One of the established best practices in InfoSec is monitoring. People, products and companies get paid a great deal of money and expend a great deal

The New Standard: Intelligence-Driven Security

In his most recent blog post, Art Coviello, the executive chairman at RSA posed an important question. How do we move from traditional security to intelligence-driven security? In his answer he described that the quickly interdependent exchanges between parties (B2C, B2B, B2P, etc) have grown beyond the traditional means of securing the enterprise: “IT organizations have continued to construct security infrastructures around a disintegrating perimeter of increasingly ineffective controls.” He described a new-model of cyber-security that includes 5 concepts: A thorough understanding of risk The

Adaptive Risk: Making sure you are who you say you are

Does this sound familiar? Ann, sitting at her desk eating lunch, is surfing the Net. She checks her personal Yahoo email account and sees a message from a purported survey company asking her about her music preferences. She opens the email and takes the survey. Seems harmless enough, but what Ann doesn’t know is that this survey company doesn’t exist  and embedded in some of the survey prompts  hid an undetected botnet that downloaded onto her desktop. This nasty bugger can record her keystrokes and

My Security Playlist: now playing Access Management

While I peruse my morning inbox, I enjoy listening to music on my iPod. It just so happens this morning’s first random selection served as the inspiration for today’s blog: Let ‘Em In by Paul McCartney & Wings. “Someones knockin at the door Somebody’s ringin’ the bell Do me a favor, Open the door and let em in!” There is nothing more damaging to the overall enterprise operation and business reputation than permissive access policies. Considering the all the entry points from applications to social

How cloud security balances risk versus reward

I spend a great deal of my day thinking about security. How it affects the enterprise; how to best position and protect assets. How it shapes risk management and how it delivers potential benefits through smoother operations, enhanced trust and loss prevention. At its core, security is about risk versus reward. It’s no great secret that many executives look at security as a cost center. Compounded by the requirements of compliance, the expansion of technology, and the nature of the modern enterprise, no one doubts

It’s a Wonderful Cloud-a Security Carol

It’s not Wordsworth, but hopefully worth the words. Happy holidays to all of you and thank you for reading. May the season keep your perimeters protected, your assets secure and your networks free of nasty little elves or ancient Mayan disasters! Twas the night before Christmas and all through the net No access was stirring; No hackers as yet. Murphy in sales was showing his app Tweeting and downloading with only a tap I grumble and moan ‘cause I know it to be. That his

It’s money that matters in the cloud…well, at least ROI

With all the talk of fiscal cliffs, financial binds and “next year’s budget,” I started thinking about cloud security in more tangible ways. Specifically returns on investment, economic impact and total costs of ownership. Just like death and taxes, businesses can add intrusion and attack to the list of sureties. I can hear CFOs all over the world sigh in exasperation as they feel pressured to add another expense line item to minimize the building security threats to their enterprises. Before you add another decimal